Many online service providers offer additional authentication methods, with which users can identify themselves a second time during the login process or simply as an alternative to entering a password. This is referred to as two-factor authentication (2FA). But what is 2FA?

What is authentication?

The term authentication covers all procedures that contribute to confirming the identity of a person (or a terminal).

A typical example would be a password. In general, to gain access to the user area of a website or an application, a user must enter a password. This is how websites or applications verify the user’s identity. However, since passwords can easily be lost, forgotten or stolen, more and more online services are beginning to rely on 2FA for improved security and an improved user experience at the login screen.

From offline to online: Advantages and disadvantages of two-factor authentication

With 2FA, the identity of a user is confirmed by two different, independent factors. In our everyday life this authentication procedure is widespread. For example, to withdraw money from an ATM, you need your ATM card (factor 1), as well as the card’s PIN (factor 2).

Anyone who wishes to travel outside of Europe often has to have their fingerprints taken and apply for a passport. The major advantage of this procedure is obvious: security.

However, the above examples may also reveal a possible drawback of 2FA. If authentication is tied to an object, you must, of course, have that object with you at all times.

Strong two-factor authentication: smartphones

For many online applications, mobile devices, regardless of which operating system they use, have established themselves as a reliable second factor.

For example, suppose you would like to log into an online account containing sensitive data. The online service provider sends an SMS with a unique code to your mobile phone as a form of authentication. To log in successfully and confirm your identity, you must enter the unique code sent to your phone. This one-time password expires once it has been entered or after a preconfigured time limit, for example 10 minutes.

In addition to Facebook and similar services, this procedure is also used by Google. For example, if you access your Google account from an IP address Google deems unusual based on your previous login history, you will be prompted to confirm your identity using 2FA. Here, 2FA becomes an additional safety net, which is only stretched in certain scenarios. This is often referred to as multi-factor authentication.

Cloud services and authentication: individual and flexible

While these standard procedures are practical in everyday private life, their business use is a great challenge with shared servers or cloud solutions. In the cloud, speed and availability are essential.

Imagine the following scenario: opening each file on a company’s on-premise server first generates login data, which are then received via SMS on a smartphone and must then be entered again on the computer. This process would be not only cumbersome for everyday work, but also time-consuming.

Authentication with TeamDrive: two-factor and more

When working with the cloud, it therefore makes sense to configure the access rights individually – adapted to the compliance requirements and internal processes. TeamDrive uses various forms of authentication. In addition to the username and password, each user is also authenticated via email. The core of TeamDrive is the TeamDrive client software. Authenticated users can access unencrypted data, make changes or assign access rights only via the client. You can decide for yourself which type of authentication you would like to use to log in. TeamDrive not only offers the configuration of 2FA for special protection against unauthorized access, but also supports external authentication.

For protocols such as Active Directory/Lightweight Directory Access Protocol (AD/LDAP), Shibboleth and OAuth 2.0, TeamDrive does not store the authentication data on the TeamDrive registration server, but refers to an external directory service for single sign-on (SSO). This means that users only have to log on once and can then access the data they have shared at any time. This type of authentication and access control is particularly attractive to those who work on the Internet independent of location and device, and both users and IT security are happy.